Cryptography-Digest Digest #790, Volume #9 Mon, 28 Jun 99 06:13:03 EDT
Contents:
Re: determining number of attempts required (Keith A Monahan)
Re: determining number of attempts required (Keith A Monahan)
Re: The One-Time Pad Paradox (Anti-SpamNameHere)
Re: The One-Time Pad Paradox (S.T.L.)
PGP Key Signing Party in Massachusetts (Sherlock S. Holmes, D.D.)
Re: Tough crypt question: how to break AT&T's monopoly??? (JPeschel)
Re: Tough crypt question: how to break AT&T's monopoly??? (Thomas Wu)
Re: one time pad (Rob Warnock)
Re: determining number of attempts required (S.T.L.)
Re: Tough crypt question: how to break AT&T's monopoly??? (JPeschel)
Re: xtea ("Gary Partis")
Re: A few questions on RSA (Gilad Maayan)
Re: DES-NULL attack ("Douglas A. Gwyn")
Re: The One-Time Pad Paradox ("Douglas A. Gwyn")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: determining number of attempts required
Date: 28 Jun 1999 05:12:57 GMT
Hi Joe,
Thanks for the response.
I actually have some blowfish example source, and of course Bruce's papers,
AC, and a couple of other things. I would probably have a hard time
implementing everything, but I suppose I could write one.
The program I'm using is BestCrypt NP.
Mind passing my name/email to your friend Pavel Semjanov, or perhaps give me
his address so I can contact him?
I can tell you that the password picked is DEFINITELY not weak.... Designed
to resist attack. There is only one (misspelled) English word in the 12
characters(approx) that I am searching for.
Unless I can find another way to attack the problem at hand, 2000 looks like
it will be my max.
Thanks,
Keith
JPeschel ([EMAIL PROTECTED]) wrote:
: Keith, as far as I know there aren't any Blowfish crackers on the net, with one
: exception. Markus Hahn wrote a program to recover Blowfish 97 passwords.
: It's to demonstrate the danger of using weak passwords. (On the other
: hand, if you find or write a fast Blowfish cracker, send it to me and I'll add
: it to my collection)
:
: If you're going to try a dictionary attack you're going to have to do a
: helluva lot better than 2,000 attempts per hour. My Russian friend Pavel
: Semjanov has some code called PCL that may help you.
: What program created the encrypted file? If you have access to that program
: there may be a more efficient way of breaking the system.
: Joe
: __________________________________________
: Joe Peschel
: D.O.E. SysWorks
: http://members.aol.com/jpeschel/index.htm
: __________________________________________
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: determining number of attempts required
Date: 28 Jun 1999 05:24:26 GMT
Hi Tom,
Thanks for the explanation of the formulas. That helps.
: Hmm why may I ask are you trying to hack your own password?
I could get into a long story about me NEVER forgetting any of my
passwords despite their complexity, but I'll skip that. Suffice to say that
I don't remember the whole thing.
: Tom
Keith
------------------------------
Date: Sun, 27 Jun 1999 22:58:42 -0700
From: Anti-SpamNameHere <[EMAIL PROTECTED]>
Subject: Re: The One-Time Pad Paradox
Mr.Savard's concern over the possible (yet can be shown to be small in
probability) exposure of the message plaintext in the ciphertext output
of the OTP encryption can be mitigated with the use of code phrase books
common to Alice and Bob, who we assume are communicating here with two
copies of the OTP. Alice takes the original message M and converts it
into a new message M' by substituting nouns, verbs, adjectives, entire
phrases that appear in M with alternatives in the code phrase book. The
plaintext M' is now encrypted with the OTP. Bob decrypts M' with his
copy of the OTP and applies the code phrase book to regenerate M. For
example, "The eagle has landed" may literally mean a raptor touched down
within sight of Alice. Or, Alice may be reporting that she and her
special forces contingent just landed in the designated LZ with no
resistance and are on their way to the target.
The substitution phrases must NOT rely on the shared history or
culture/sub-culture of Alice and Bob. Assume Trent spots a cleartext
phrase in the ciphertext. Trent will know about Alice's and Bob's pasts,
what their interests are, their families, employment, education, habits
- anything public, assume Trent knows it. A random book of code phrases
(?) might be the best (and that's just as difficult to generate as the
random OTP.) "The eagle has landed" holds strong cultural meanings to
different groups (Apollo 11 - moon landings, the movie about the
attempted kidnapping of Churchill ) and Trent may be aware of this.
"The bananas are ripe, yet the dog still scratches" is far more
mysterious to Trent. He needs to figure out what context and what
elements in that context correspond to the bananas, their ripeness, what
is the dog and why does it matter that it still itches? This is
possibly an interesting problem for further analysis.
------------------------------
From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: The One-Time Pad Paradox
Date: 28 Jun 1999 06:57:53 GMT
That is simply adding another layer of encryption to an OTP, which if applied
perfectly is completely secure, REGARDLESS of "null keys" because of the
existence of "completely different intelligible text producing" keys, which
everyone seems to ignore.
-*---*-------
S.T.L. ===> [EMAIL PROTECTED] <=== BLOCK RELEASED! 2^3021377 - 1 is PRIME!
Quotations: http://quote.cjb.net Main website: http://137.tsx.org MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!" e^(i*Pi)+1=0 F00FC7C8
E-mail block is gone. It will return if I'm bombed again. I don't care, it's
an easy fix. Address is correct as is. The courtesy of giving correct E-mail
addresses makes up for having to delete junk which gets through anyway. Join
the Great Internet Mersenne Prime Search at http://entropia.com/ips/ Now my
.sig is shorter and contains 3379 bits of entropy up to the next line's end:
-*---*-------
Card-holding member of the Dark Legion of Cantorians, the Great SRian
Conspiracy, the Triple-Sigma Club, the Union of Quantum Mechanics, and
the Holy Order of the Catenary.
Avid watcher of "World's Most Terrifying Causality Violations", "World's
Scariest Warp Accidents", and "When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #3: Thou Shalt Conserve Baryon Number.
------------------------------
From: [EMAIL PROTECTED] (Sherlock S. Holmes, D.D.)
Subject: PGP Key Signing Party in Massachusetts
Date: Mon, 28 Jun 1999 06:55:02 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Greetings,
I am planning a PGP Key Signing Party in Central Massachusetts (in the
Worcester area) and I would like to invite people from Central New
England to attend.
If you live in the area, and would like to get together with other
Pretty Good Privacy users to sign each other's keys (if you are satisfied
with the I.D. each other guest has), please drop me a note ASAP. I am
going to be planning the date, time and place very soon.
When you respond, please indicate any preferences for days (weekdays,
weekends, afternoons, evenings, etc.,) and times so I can try to
accommodate as many people as possible. I have already had some responses
to a previous notice and I am looking forward to getting as many
PGP-users as possible.
Thank you very much for taking the time to read this post. I hope to
hear from you soon. Take care and God bless,
The Rev. Sherlock S. Holmes, D.D.
P.S. YES, this is my real name.
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.0.2i
Comment: Get My Keys: http://zap.to/pgp
iQA/AwUBN3caOSOMIoUcBS+3EQIn+QCfWwFV8NBt1fiRbxshKA+ARHr7gGoAn0CC
AtJEfLwNiAv5jfe2+LeNHygD
=HjqF
=====END PGP SIGNATURE=====
************************************************************
(C) Copyright 1999 All Rights Reserved By:
Sherlock S. Holmes, D.D.
See My Web-site: http://www.sherlockholmes.com
All E-Mail To: [EMAIL PROTECTED]
Get My PGP Public Keys: http://zap.to/pgp
My PGP Default Key (2048-bit DH/DSS) Fingerprint:
1E96 649C FB67 55E0 471C BDFE 238C 2285 1C05 2FB7
************************************************************
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Tough crypt question: how to break AT&T's monopoly???
Date: 28 Jun 1999 07:49:56 GMT
> [EMAIL PROTECTED] writes:
>With the PKZIP scheme you don't need much chosen /known plaintext
>though. The only things it may be good for is highly compressed files
>such as MP3 or JPG. In which case why are you zipping them?
Did you mean that if one used PKZIP for encryption ( for some reason or other)
that the pkzip encryption would be better to use on MP3s or JPGs rather than
more compressible files?
If that's what you meant, you're mistaken. File types with known headers
like MPGs and JPGs make a known-plaintext attack even easier.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: Tough crypt question: how to break AT&T's monopoly???
Date: 28 Jun 1999 00:29:40 -0700
[EMAIL PROTECTED] (Jayjames99) writes:
>
> I am trying to send an encrypted file to somebody who is not computer savvy, in
> a format so that the receiving party does not have to know how to decrypt the
> file. It will simply self-extract, ask for the private key to be entered, and
> voila...the file is now readable.
Are you sure this is a good idea? It sounds like you're asking the
recipient to run an arbitrary executable in an attachment. What's to
stop someone from substituting something that prompts for a private key
and sends the bad guy a copy? Or even a self-extracting virus, for that
matter?
OTOH, if this threat isn't an issue, you can always bundle a standalone
crypto app with WinZip Self-Extractor along with your data.
--
Tom Wu * finger -l [EMAIL PROTECTED] for PGP key *
E-mail: [EMAIL PROTECTED] "Those who would give up their freedoms in
Phone: (650) 723-1565 exchange for security deserve neither."
http://www-cs-students.stanford.edu/~tjw/ http://srp.stanford.edu/srp/
------------------------------
From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: one time pad
Date: 28 Jun 1999 08:16:01 GMT
Terry Ritter <[EMAIL PROTECTED]> wrote:
+---------------
| I dispute that the theoretical OTP proof implies a proof for a
| practical OTP. I assert that there is no proof for a practical OTP
| unless the pad can be proven or guaranteed "random" or "unpredictable"
| in practice.
+---------------
I suggest you look at some of Gregory Chaitin's work (e.g., the Halting
Problem and the number "Omega") before wasting much more energy on chasing
the chimera of "proving randomness". Chaitin has reformulated Godel's Proof
in a way that shows that you can't prove that something *is* "random",
though you may (in some cases) be able to prove that it *isn't*! That is,
proving a stream is "really random" is equivalent to solving the halting
problem, and *that's* a problem that's already been proved you *can't* solve!
The best you can *ever* say about a presumed-random stream is that it
hasn't been shown to be non-random *yet*...
-Rob
=====
Rob Warnock, 8L-855 [EMAIL PROTECTED]
Applied Networking http://reality.sgi.com/rpw3/
Silicon Graphics, Inc. Phone: 650-933-1673
1600 Amphitheatre Pkwy. FAX: 650-933-0511
Mountain View, CA 94043 PP-ASEL-IA
------------------------------
From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: determining number of attempts required
Date: 28 Jun 1999 07:03:56 GMT
<<As embarrassing as this is, it was scenario 1. I haven't had problems with
remembering ANY of my passwords over the last 15? years. I went on a few
week vacation and now forget the damn thing. I can remember a large portion
of it but I can't remember which chars were in which order.>>
There was a short period of time when I realized to my horror that I forgot two
words of my nine word, provably-128-bit-strength PGP password. A couple of
nights of sleep somehow restored it into my brain. That one's even worse,
because forgetting two words means something like 2^30 bits, and worse yet, I
deleted the dictionary I used to create it, meaning that the actual searchspace
I would have had to use would have been quite nasty. Good thing I didn't
encrypt anything important with it.
<<The speed at which I can try keys is actually pretty funny. Since there is
no custom blowfish cracker, I'm stuck at using the interface at which I'm
given - which is BestCrypt NP. BestCrypt takes input from the keyboard,
of course, for the password. I have an rs-232 -> keyboard converter, which
I've attached to my amiga 500, running a BASIC program that generates a
bunch of possible passwords and tries them. The unfortunate part is that
the rs-232 -> keyboard box is only ONE way, and the amiga gets ZERO feedback
from the other computer.... SO, I can only use time to tell the amiga to
enter a password, and to "press enter" at the "Password incorrect" dialog.
The target computer is definitely my local machine which I have 24/7 access
to.>>
That makes sense. Nice setup you have there, actually. However, I believe that
if you can code C, making your own custom cracker would result in a net
speedup. :-D That'd be my suggestion.
-*---*-------
S.T.L. ===> [EMAIL PROTECTED] <=== BLOCK RELEASED! 2^3021377 - 1 is PRIME!
Quotations: http://quote.cjb.net Main website: http://137.tsx.org MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!" e^(i*Pi)+1=0 F00FC7C8
E-mail block is gone. It will return if I'm bombed again. I don't care, it's
an easy fix. Address is correct as is. The courtesy of giving correct E-mail
addresses makes up for having to delete junk which gets through anyway. Join
the Great Internet Mersenne Prime Search at http://entropia.com/ips/ Now my
.sig is shorter and contains 3379 bits of entropy up to the next line's end:
-*---*-------
Card-holding member of the Dark Legion of Cantorians, the Great SRian
Conspiracy, the Triple-Sigma Club, the Union of Quantum Mechanics, and
the Holy Order of the Catenary.
Avid watcher of "World's Most Terrifying Causality Violations", "World's
Scariest Warp Accidents", and "When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #3: Thou Shalt Conserve Baryon Number.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Tough crypt question: how to break AT&T's monopoly???
Date: 28 Jun 1999 08:27:05 GMT
>[EMAIL PROTECTED] (Bill Unruh) writes:
>It would be trivial to write such a program. It would also, under the US
>regulations be illegal to send such an email outside the USA without a
>license.
>I am sure that such has been written many times.
Bill, where in EAR is the transmission of a message that can be decrypted
restricted? A one-way communication by a self-extracting encrypted file is not
much different than communicating by PGP, except that you don't need
to have a program for decryption. I can see that sending
a program outside of the US that allows the correspondent to encrypt
messages would be restricted, but certainly a decryptable message isn't
restricted.
Have I missed a thread, a specific part of the regulation?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "Gary Partis" <[EMAIL PROTECTED]>
Subject: Re: xtea
Date: Mon, 28 Jun 1999 09:46:29 +0100
Hi,
Nikos Mavroyanopoulos <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
> Hello,
> In ftp.funet.fi/pub/crypt/cryptography/symmetric/tea/tean.c
> file the xtea algorithm has the following line in the source:
>
> y += ((z << 4) ^ (z >> 5)) + (z ^ sum) + k[sum & 3];
>
> whereas Needham and Wheeler in their "Tea extensions", djw-rmn-xtea.ps, use:
>
> y += (z << 4 ^ z >> 5) + z ^ sum + k[sum & 3];
>
> In djw-rmn-xtea there are no parentheses, and it is not clear (to me) what
> they mean. Which one is the right one? (They produce different outputs.)
> (The problem is in z^sum.)
> Thank you.
I originally coded the former in Z80 assembler and was unable to decrypt
data generated from the C encrypt code. Obviously this was due to the rules
of precedence in C (i.e. XOR has lower precedence than addition). I then
modified the Z80 code to take this into account.
So, I am now left with a problem. Is the original version (without the
parentheses) correct, or is the later one (with the parentheses) the one to
use?
Not being a cryptologist, I cannot establish any shortfalls of either
version, so any advice would be welcome!
TIA
--
Gary Partis, North Shields, Tyne & Wear, UK
Fast Fax : 0870 056 1096
Secure Fax: 0191 280 1306
http://www.partis.demon.co.uk
Want regular laughs in your in box, then go to
http://www.partis.demon.co.uk/funny.htm and
follow the instructions!
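Added worked example (my own code, not the funet tean.c source and not the code from the Needham/Wheeler paper): both readings of the disputed half-round side by side, wrapped in the full XTEA round structure so the consequences can be checked. The 32 rounds, the delta 0x9E3779B9 and the second half-round's key index k[(sum >> 11) & 3] come from the standard XTEA description, not from the post; the key and plaintext block are constructed values. Under C precedence, shifts bind tighter than ^ and + binds tighter than ^, so the unparenthesised line parses as (((z << 4) ^ (z >> 5)) + z) ^ (sum + k[sum & 3]). That reading is the one the commonly published XTEA reference code uses; the tean.c line with (z ^ sum) is a different cipher. Each reading round-trips with itself, which is why a mismatch only shows up when the encryptor and decryptor were written from different readings, as happened with the Z80 port.

```c
#include <stdint.h>
#include <stdio.h>

#define XTEA_DELTA  0x9E3779B9u
#define XTEA_ROUNDS 32

/* `kw` is the key word already selected by the caller:
 * k[sum & 3] in the first half-round, k[(sum >> 11) & 3] in the second. */

/* tean.c reading: ((z<<4) ^ (z>>5)) + (z ^ sum) + kw */
uint32_t half_tean(uint32_t z, uint32_t sum, uint32_t kw) {
    return ((z << 4) ^ (z >> 5)) + (z ^ sum) + kw;
}

/* The paper's expression exactly as written. C precedence makes it
 * (((z<<4) ^ (z>>5)) + z) ^ (sum + kw); compilers may warn about it. */
uint32_t half_paper_raw(uint32_t z, uint32_t sum, uint32_t kw) {
    return (z << 4 ^ z >> 5) + z ^ sum + kw;
}

/* Same expression with the precedence made explicit. */
uint32_t half_paper(uint32_t z, uint32_t sum, uint32_t kw) {
    return (((z << 4) ^ (z >> 5)) + z) ^ (sum + kw);
}

typedef uint32_t (*half_fn)(uint32_t, uint32_t, uint32_t);

/* Standard XTEA round structure, parameterised by the half-round reading. */
void xtea_encrypt(half_fn f, uint32_t v[2], const uint32_t k[4]) {
    uint32_t y = v[0], z = v[1], sum = 0;
    for (int i = 0; i < XTEA_ROUNDS; i++) {
        y += f(z, sum, k[sum & 3]);
        sum += XTEA_DELTA;
        z += f(y, sum, k[(sum >> 11) & 3]);
    }
    v[0] = y; v[1] = z;
}

void xtea_decrypt(half_fn f, uint32_t v[2], const uint32_t k[4]) {
    uint32_t y = v[0], z = v[1], sum = XTEA_DELTA * XTEA_ROUNDS; /* wraps mod 2^32 */
    for (int i = 0; i < XTEA_ROUNDS; i++) {
        z -= f(y, sum, k[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        y -= f(z, sum, k[sum & 3]);
    }
    v[0] = y; v[1] = z;
}

/* Constructed test key and block (not from the thread). */
static const uint32_t KEY[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};
static const uint32_t PT[2]  = {0xdeadbeefu, 0x0badf00du};

/* 1 if encrypt-then-decrypt under one reading restores the block. */
int roundtrip_ok(half_fn f) {
    uint32_t v[2] = {PT[0], PT[1]};
    xtea_encrypt(f, v, KEY);
    xtea_decrypt(f, v, KEY);
    return v[0] == PT[0] && v[1] == PT[1];
}

/* 1 if the two readings give different ciphertexts for the same key and block. */
int readings_differ(void) {
    uint32_t a[2] = {PT[0], PT[1]}, b[2] = {PT[0], PT[1]};
    xtea_encrypt(half_tean, a, KEY);
    xtea_encrypt(half_paper, b, KEY);
    return a[0] != b[0] || a[1] != b[1];
}

/* 1 if the raw expression really parses as the explicit one (and not as tean.c's). */
int precedence_check(void) {
    uint32_t z = 0x12345678u, sum = XTEA_DELTA, kw = KEY[1];
    return half_paper_raw(z, sum, kw) == half_paper(z, sum, kw)
        && half_paper_raw(z, sum, kw) != half_tean(z, sum, kw);
}

int main(void) {
    printf("tean.c reading round-trips:  %d\n", roundtrip_ok(half_tean));
    printf("paper reading round-trips:   %d\n", roundtrip_ok(half_paper));
    printf("readings give different CT:  %d\n", readings_differ());
    printf("raw == explicit precedence:  %d\n", precedence_check());
    return 0;
}
```

Because each reading is its own consistent cipher, interoperability, not correctness of either expression in isolation, is what decides: an implementation has to match the reading used by whatever it must talk to, and a test vector exchanged between the two parties catches the mismatch before deployment.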
------------------------------
From: [EMAIL PROTECTED] (Gilad Maayan)
Subject: Re: A few questions on RSA
Date: Mon, 28 Jun 1999 08:37:47 GMT
>... Recovering phi(n) from n alone is as hard as factoring.
Phew... That's a relief. My whole system collapsed under me when I
thought e and d were inverses :)
Just two more things: You didn't tell me your opinion on my 3DES
contention - that with one output only, finding the function (the one
that gets keys x and y out of your exposed key-seed) is equivalent to
breaking the cryptosystem. I'd really like to hear your opinion on
this. Also, with regard to the padding you mentioned on our 20-bit
plaintext: Would it be problematic if I used no padding?
Many thanks,
Gilad Maayan
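Added worked example (my own code, not from either correspondent) of why the quoted statement holds in the direction that matters for the questioner: anyone who learns phi(n) can factor n immediately, so phi(n) is exactly as secret as the factorisation, and e and d are inverses modulo phi(n), not modulo n. Given n = pq and phi = (p-1)(q-1), p + q = n - phi + 1, and p and q are the roots of x^2 - (p+q)x + n. The primes below are constructed, small enough to keep everything in 64-bit integers; a real modulus needs multi-precision arithmetic, but the algebra is identical.

```c
#include <stdint.h>
#include <stdio.h>

/* floor(sqrt(n)) by Newton's method, starting above the root. */
uint64_t isqrt64(uint64_t n) {
    if (n < 2) return n;
    uint64_t x = n / 2 + 1;
    for (;;) {
        uint64_t y = (x + n / x) / 2;
        if (y >= x) return x;
        x = y;
    }
}

/* Recover p and q from n = p*q and phi = (p-1)(q-1).
 * Returns 1 on success. Caller keeps n < 2^62 so (p+q)^2 fits in 64 bits. */
int factor_from_phi(uint64_t n, uint64_t phi, uint64_t *p, uint64_t *q) {
    uint64_t s = n - phi + 1;          /* p + q */
    uint64_t disc = s * s - 4 * n;     /* (p - q)^2 */
    uint64_t d = isqrt64(disc);
    if (d * d != disc || ((s + d) & 1)) return 0;
    *p = (s + d) / 2;
    *q = (s - d) / 2;
    return *p * *q == n;
}

/* Extended Euclid: d with e*d = 1 (mod m), or 0 if gcd(e, m) != 1.
 * This is the step phi(n) unlocks: the private exponent is e's inverse mod phi. */
uint64_t modinv(uint64_t e, uint64_t m) {
    int64_t t = 0, newt = 1, r = (int64_t)m, newr = (int64_t)e;
    while (newr != 0) {
        int64_t qt = r / newr, tmp;
        tmp = t - qt * newt; t = newt; newt = tmp;
        tmp = r - qt * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* 1 if e*d = 1 (mod m), using a 128-bit product to avoid overflow. */
int inverse_check(uint64_t e, uint64_t d, uint64_t m) {
    return (uint64_t)(((unsigned __int128)e * d) % m) == 1;
}

/* Constructed demo primes (not from the thread). */
#define P_DEMO 1000003ull
#define Q_DEMO 1000033ull
#define E_DEMO 65537ull

/* 1 if phi(n) alone lets us recover the demo primes. */
int demo_factor_ok(void) {
    uint64_t n = P_DEMO * Q_DEMO, phi = (P_DEMO - 1) * (Q_DEMO - 1), p, q;
    if (!factor_from_phi(n, phi, &p, &q)) return 0;
    return (p == P_DEMO && q == Q_DEMO) || (p == Q_DEMO && q == P_DEMO);
}

/* 1 if the private exponent derived from phi really inverts e. */
int demo_inverse_ok(void) {
    uint64_t phi = (P_DEMO - 1) * (Q_DEMO - 1), d = modinv(E_DEMO, phi);
    return d != 0 && inverse_check(E_DEMO, d, phi);
}

int main(void) {
    uint64_t n = P_DEMO * Q_DEMO, phi = (P_DEMO - 1) * (Q_DEMO - 1), p, q;
    factor_from_phi(n, phi, &p, &q);
    printf("n = %llu, phi = %llu -> p = %llu, q = %llu\n",
           (unsigned long long)n, (unsigned long long)phi,
           (unsigned long long)p, (unsigned long long)q);
    printf("d = %llu\n", (unsigned long long)modinv(E_DEMO, phi));
    return 0;
}
```

The same dependence runs the other way for the unpadded 20-bit plaintext asked about: textbook RSA without padding is deterministic, so anything that narrows the message space to something enumerable lets an observer recognise a ciphertext by recomputing it, which is the problem randomised padding exists to remove.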
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: DES-NULL attack
Date: Mon, 28 Jun 1999 09:04:07 GMT
[EMAIL PROTECTED] wrote:
> ... How can you test
> the capabilities of the organization? Even if you were a senator on the
> oversight committee, with theoretical access to everything they are
> supposed to be doing, how do you measure this expertise?
The Senate's usual criterion is the amount and quality of the product.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The One-Time Pad Paradox
Date: Mon, 28 Jun 1999 09:11:57 GMT
John Savard wrote:
> ... we don't live in a perfect world, and an adversary may not know
> that we're using the one-time-pad for our messages.
That's even better!
Really, you need to go through the exercise I suggested in a previous
posting. Whether or not the adversary knows the general system, he is
unable to distinguish between accidental plaintexts generated from
time to time by any cryptosystem; they are exceedingly rare (if of any
substantial length), and nearly all of them are spurious. If he takes
them at face value, he will almost always be wrong.
It's simply not a problem.
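Added worked example (my own code, not part of any post in this thread) covering the point S.T.L. raises about "completely different intelligible text producing" keys and the point above about accidental plaintexts being rare and spurious. For an XOR one-time pad, any ciphertext c and any candidate plaintext m of the same length are joined by the pad k = c XOR m, so every intelligible text of the right length has a pad that "decrypts" c to it, and the observer gains nothing from the accidental match. The message, the pad and the two alternative plaintexts are constructed; the pad deliberately has two zero bytes so that the ciphertext exposes two plaintext bytes, the kind of accidental exposure the paradox is about.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_LEN 14

/* Constructed sample data (not from the thread). Pad bytes 0 and 3 are zero,
 * so ciphertext bytes 0 and 3 equal the plaintext bytes there. */
static const char    REAL_MSG[]   = "ATTACK AT DAWN";
static const uint8_t PAD[MSG_LEN] = {0x00, 0x37, 0xa9, 0x00, 0x5c, 0xe1, 0x12,
                                     0x8f, 0x42, 0xd3, 0x66, 0x0b, 0x9e, 0x71};
/* Two other intelligible messages of the same length an analyst might guess. */
static const char ALT_MSG_1[] = "RETREAT NORTH!";
static const char ALT_MSG_2[] = "HAPPY BIRTHDAY";

/* out = a XOR b over n bytes; encryption, decryption and pad recovery are all this. */
void otp_xor(const uint8_t *a, const uint8_t *b, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = a[i] ^ b[i];
}

/* Positions where ciphertext equals plaintext, i.e. where the pad byte was 0.
 * Under a uniform pad each position has probability 1/256, a run of L of them 256^-L. */
size_t otp_count_exposed(const uint8_t *c, const uint8_t *m, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) if (c[i] == m[i]) count++;
    return count;
}

/* The pad that would decrypt c to the candidate plaintext m. It always exists. */
void otp_key_for(const uint8_t *c, const uint8_t *m, uint8_t *k, size_t n) {
    otp_xor(c, m, k, n);
}

/* Number of plaintext bytes the constructed ciphertext exposes (2 here). */
size_t otp_demo_exposed(void) {
    uint8_t c[MSG_LEN];
    otp_xor((const uint8_t *)REAL_MSG, PAD, c, MSG_LEN);
    return otp_count_exposed(c, (const uint8_t *)REAL_MSG, MSG_LEN);
}

/* 1 if both alternative plaintexts have pads that decrypt the real ciphertext
 * to them, and those pads differ from the real pad and from each other. */
int otp_demo_spurious(void) {
    uint8_t c[MSG_LEN], k1[MSG_LEN], k2[MSG_LEN], p[MSG_LEN];
    otp_xor((const uint8_t *)REAL_MSG, PAD, c, MSG_LEN);
    otp_key_for(c, (const uint8_t *)ALT_MSG_1, k1, MSG_LEN);
    otp_key_for(c, (const uint8_t *)ALT_MSG_2, k2, MSG_LEN);
    otp_xor(c, k1, p, MSG_LEN);
    if (memcmp(p, ALT_MSG_1, MSG_LEN) != 0) return 0;
    otp_xor(c, k2, p, MSG_LEN);
    if (memcmp(p, ALT_MSG_2, MSG_LEN) != 0) return 0;
    return memcmp(k1, PAD, MSG_LEN) != 0 && memcmp(k2, PAD, MSG_LEN) != 0
        && memcmp(k1, k2, MSG_LEN) != 0;
}

int main(void) {
    printf("plaintext bytes exposed by zero pad bytes: %zu\n", otp_demo_exposed());
    printf("spurious pads decrypt to the guessed texts: %s\n",
           otp_demo_spurious() ? "yes" : "no");
    return 0;
}
```

The exposed count is what an observer can actually see; the spurious-key check is why it does not help them: the same ciphertext is equally consistent with every same-length message, so a matching byte or two cannot be told apart from the matches that every wrong guess also produces.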
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************